saml attribute - multiple value separate per string

ruancarloss · ‎10-Nov-2022

I have the following need in the "Saml attribute" settings of the SAML IDP server, I need a variable to assign in the apm, filtering all groups that contain the XYZ text, and each value being delivered as a separate string follows below as needed, and how the f5 delivers.

Daniel_Wolf · ‎11-Nov-2022

Hi @ruancarloss,

you would use a Variable Assign in the Visiual Policy Editor and use a custom expression to filter for AD Groups with the string XYZ.

Here is very simple example, starting with the Access Policy.

And here is the Variable Assign (in my example I filter for all AD Groups with the string test and store them in the custom variable session.custom.mygroups.

set list "|";
foreach element [split [mcget {session.ad.last.attr.memberOf}] "|"] {
    if { $element contains "test"} {
        append list "$element|";
    }
}
return $list;

The IdP configuration then uses my custom variable session.custom.mygroups for the SAML attribute MyGroups.

The resulting SAML token has the following attributes:

Does this answer your question?

KR
Daniel

ruancarloss · ‎11-Nov-2022

the loop created works and thank you.
However I need only the CN value to be delivered.
enjoying your scenery, the script delivers:
* CN=testgruppe1,OU=grou.....
* CN=testgruppe2,OU=grou.....

would have to customize for the output to be:
* testgroupp1
* testgrouppe2

Thank you for your help

Daniel_Wolf · ‎11-Nov-2022

The example below I had more or less ready for copy&paste.
I think you could use the trim command to customize the output to your desired format.

Take a look here

DevCentral

saml attribute - multiple value separate per string

Sep 26th, 2023
MFA required on DevCentral

DevCentral

saml attribute - multiple value separate per string

Sep 26th, 2023MFA required on DevCentral

Sep 26th, 2023
MFA required on DevCentral